
Re: [Xen-devel] [PATCH v3 2/7] xsm: flask: change the dummy xsm policy and flask hook for map_gmfn_foregin



>>> On 22.10.17 at 13:21, <blackskygg@xxxxxxxxx> wrote:
> How about changing the policy to (c over d) && ((d over t) || (c over t))?
> Given that (c over d) is a must, which is always checked somewhere higher
> in the call stack as Daniel pointed out, permitting (d over t) or (c
> over t) actually infers permitting the other.
> 
> - if you permit (d over t) but not (c over t):
>   Given (c over t),
>   (c) can first map the src page from (t) into its own memory space and
>   then map this page from its own memory space to (d)'s memory space.

Would that work? The page, when in (c)'s space, is still owned by (t),
so I don't see how mapping into (d)'s space could become possible
just because it's mapped into (c)'s.

> - if you permit (c over t) but not (d over t):
>   Given (d over t),
>   (c) can first map (d)'s pages into its own memory space and modify
>   (d)'s code to issue a hypercall that maps (t)'s memory pages into
>   (d)'s memory space.

I can buy this one (after having thought about it a little only for
now), albeit (c) modifying code in (d) is certainly something I'd call
abuse rather than use of permissions.

Jan

